Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    145KB

  • Sample

    221006-sgq6gsaabl

  • MD5

    259f5494172bad237d0ab5c84857dbab

  • SHA1

    da375930a04399b18950d5d497e7d2680cbd742b

  • SHA256

    9290fd839c6c7a5e43a7a61e09c352550a91516dc671634e56dafa7f9f3c6819

  • SHA512

    4a608b4c9be23d0b1a3d4ffc666e4472488b6e641903e87046dd94aa1baea2c5be6776431cd682888672c7c193d1a7ca216abfb88cf7f282d8e44ee6dde34ac3

  • SSDEEP

    3072:yXCKq9EQL/7luMcKLgQlNh16++Xcr1uueivp3vHui0hjO:yyVEQL/JBLgQpsDXa+iJvHu3

Score
10/10
danabotsmokeloadersystembcbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    EAD30BF58E340E9E105B328F524565E0

  • type

    loader

Extracted

Family

systembc

C2

45.182.189.231:443

Targets

    • Target

      file.exe

    • Size

      145KB

    • MD5

      259f5494172bad237d0ab5c84857dbab

    • SHA1

      da375930a04399b18950d5d497e7d2680cbd742b

    • SHA256

      9290fd839c6c7a5e43a7a61e09c352550a91516dc671634e56dafa7f9f3c6819

    • SHA512

      4a608b4c9be23d0b1a3d4ffc666e4472488b6e641903e87046dd94aa1baea2c5be6776431cd682888672c7c193d1a7ca216abfb88cf7f282d8e44ee6dde34ac3

    • SSDEEP

      3072:yXCKq9EQL/7luMcKLgQlNh16++Xcr1uueivp3vHui0hjO:yyVEQL/JBLgQpsDXa+iJvHu3

    Score
    10/10
    smokeloaderbackdoortrojandanabotsystembcbanker

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks